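I am using WebSecurityConfigurerAdapter for my application, together with JWT for authentication, and everything works fine (first code snippet). What I want to do now is add another filter only for a specific URL pattern, but this filter is now being called in any case (second code snippet). Can someone please explain to me what I am doing wrong?
Here is my code: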
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors()
            .and().csrf().disable().httpBasic().disable()
            .authorizeRequests()
            .antMatchers("/auth").permitAll()
            .antMatchers("/v2/api-docs",
                    "/swagger-resources/**",
                    "/configuration/**",
                    "/swagger-ui.html",
                    "/webjars/**").permitAll()
            .antMatchers(
                    "/",
                    "/refreshconfig",
                    "/launchGameForFun/**",
                    "/*.html",
                    "/*.gif",
                    "/favicon.ico",
                    "/**/*.html",
                    "/**/*.gif",
                    "/**/*.css",
                    "/**/*.js").permitAll()
            .anyRequest().authenticated()
            .and()
            .exceptionHandling().authenticationEntryPoint(new CustomAuthenticationEntryPoint())
            .and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .addFilterBefore(new Slf4jMDCFilter(), JwtAuthorizationFilter.class)
            .addFilter(new JwtAuthorizationFilter(authenticationManager()));
    }
Adding this code to the above does not work properly:
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors()
            .and().csrf().disable().httpBasic().disable()
            .authorizeRequests()
            .antMatchers("/auth").permitAll()
            .antMatchers("/v2/api-docs",
                    "/swagger-resources/**",
                    "/configuration/**",
                    "/swagger-ui.html",
                    "/webjars/**").permitAll()
            .antMatchers(
                    "/",
                    "/refreshconfig",
                    "/launchGameForFun/**",
                    "/*.html",
                    "/*.gif",
                    "/favicon.ico",
                    "/**/*.html",
                    "/**/*.gif",
                    "/**/*.css",
                    "/**/*.js").permitAll()
            .anyRequest().authenticated()
            .and()
            .exceptionHandling().authenticationEntryPoint(new CustomAuthenticationEntryPoint())
            .and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .addFilterBefore(new Slf4jMDCFilter(), JwtAuthorizationFilter.class)
            .addFilter(new JwtAuthorizationFilter(authenticationManager()))
            .antMatcher("/*/*wager")
            .addFilterAfter(new MultiReadServletFilter(), JwtAuthorizationFilter.class)
            .addFilterAfter(new XauthFilter(), MultiReadServletFilter.class);
    }
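To be more clear: I want Slf4jMDCFilter and JwtAuthorizationFilter to be called for every URL (including /*/*wager), and MultiReadServletFilter and XauthFilter to be called only for /*/*wager. Apparently, in both cases all URLs are excluded.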
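
Added example, not part of the original question and not the asker's code: in Spring Security, `HttpSecurity.antMatcher(...)` sets which requests the whole `HttpSecurity` configuration applies to, so it cannot scope individual filters added after it. One way to get the behaviour asked for is a wrapper filter that checks the path itself; `PathScopedFilter` is a hypothetical name, and the `javax.servlet` imports assume the Spring Security 5.x line that still has `WebSecurityConfigurerAdapter`.

```java
import java.io.IOException;
import java.util.Arrays;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.filter.CompositeFilter;
import org.springframework.web.filter.GenericFilterBean;

// Hypothetical helper (not from the question): runs the wrapped filters, in
// order, only for requests whose path matches the Ant pattern. Every other
// request skips them and continues down the security filter chain.
//
// Wiring inside configure(HttpSecurity), replacing the antMatcher(...) call
// and the two addFilterAfter(...) calls of the second snippet:
//
//   .addFilterAfter(new PathScopedFilter("/*/*wager",
//           new MultiReadServletFilter(), new XauthFilter()),
//       JwtAuthorizationFilter.class);
public class PathScopedFilter extends GenericFilterBean {

    private final RequestMatcher matcher;
    private final CompositeFilter delegates = new CompositeFilter();

    public PathScopedFilter(String antPattern, Filter... filters) {
        this.matcher = new AntPathRequestMatcher(antPattern);
        this.delegates.setFilters(Arrays.asList(filters));
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        boolean inScope = request instanceof HttpServletRequest
                && matcher.matches((HttpServletRequest) request);
        if (inScope) {
            // CompositeFilter calls each delegate in turn, then hands over to `chain`.
            delegates.doFilter(request, response, chain);
        } else {
            // Out of scope: go straight to the next filter in the chain.
            chain.doFilter(request, response);
        }
    }
}
```

With this wiring Slf4jMDCFilter and JwtAuthorizationFilter still run for every request, because the chain itself is no longer narrowed by `antMatcher`. If XauthFilter makes an access decision, check that the pattern covers every path form that reaches those handlers, since a request the matcher misses skips the filter.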